Cookies
Learn how website cookies work, the different types of cookies, and how to manage them effectively to stay compliant with privacy regulations. Discover the difference between first-party and third-party cookies, understand session vs persistent cookies, and find out which cookies require explicit user consent under current data protection laws.
Non-Essential Cookies: What They Are, Why They Need Consent, and How to Handle Them
Non-essential cookies cover everything from analytics trackers like Google Analytics to advertising pixels from Meta and Google Ads. Under EU law, none of these may be placed on a visitor's device until the visitor gives explicit, informed consent. This guide breaks down the categories, the legal rules, and the practical steps for handling them correctly.
Limiting Collection and Retention: How Long Can You Keep Personal Data Under PIPEDA?
PIPEDA Principles 4 and 5 set strict boundaries on what personal data organisations can collect and how long they can retain it. Collecting more than necessary or holding data indefinitely puts your organisation at risk of OPC enforcement action.
Preparing for Canada's Privacy Law Reform: From PIPEDA to Bill C-27 and Beyond
Canada's federal privacy law, PIPEDA, dates from 2000 and is widely seen as overdue for replacement. Bill C-27 would have introduced the Consumer Privacy Protection Act, but it died on the Order Paper in January 2025. A successor bill is expected in 2026 - here is what it proposed, why it failed, and what you should do now.
Cookie Consent and PIPEDA: Do Canadian Websites Need a Cookie Banner?
PIPEDA does not mention cookies by name, but the Office of the Privacy Commissioner has made clear that data collected through tracking cookies qualifies as personal information. That brings cookies squarely within PIPEDA's consent framework - and the answer to whether you need a banner is more nuanced than a simple yes or no.
The 10 Fair Information Principles: A Practical Guide for Website Owners
Canada's federal privacy law, PIPEDA, is built on 10 fair information principles listed in Schedule 1. These principles cover everything from accountability and consent to data accuracy and the right to challenge compliance - and they apply to every cookie, form, and tracker on your website.
PIPEDA Consent Requirements: What Counts as Valid Consent Under Canadian Privacy Law
PIPEDA requires organisations to obtain meaningful consent before collecting, using, or disclosing personal information. But the Act treats consent as a sliding scale - sometimes implied consent suffices, sometimes only express consent will do, and in specific circumstances no consent is needed at all.
Data Subject Rights Under the LGPD: Access, Deletion, Portability and More
Brazil's LGPD grants individuals nine distinct rights over their personal data, from confirmation of processing to review of automated decisions. Controllers must respond immediately or within 15 days, depending on the request type - with no option to extend that deadline.
International Data Transfers Under the LGPD: Rules, Safeguards, and the New Adequacy Era
Brazil's LGPD restricts how personal data leaves the country, requiring either an ANPD adequacy decision, standard contractual clauses, or binding corporate rules. With the EU-Brazil mutual adequacy agreement finalised in January 2026, the transfer landscape is shifting fast - and website owners need to keep up.
Sensitive Personal Data Under the LGPD: What It Is and How Brazil Restricts Its Processing
Brazil's LGPD defines sensitive personal data as information about racial origin, health, biometrics, political opinion, religious belief, and sexual life. Article 11 restricts processing to a narrower set of legal bases than ordinary personal data, and the ANPD has already taken enforcement action against companies that got it wrong.